CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

CVE-2023-29296 (GCVE-0-2023-29296)

Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2025-03-05 18:56
Title
[Cloud] Customer suspects IDOR vulnerability
Summary
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
CWE
  • CWE-863 - Incorrect Authorization (CWE-863)
Impacted products
Vendor: Adobe
Product: Magento Commerce
Versions:
  • Affected: unspecified, ≤ 2.4.5-p1 (custom)
  • Affected: unspecified, ≤ 2.4.6 (custom)
  • Affected: unspecified, ≤ 2.4.5-p2 (custom)
  • Affected: unspecified, ≤ 2.4.4-p3 (custom)
Date Public
2023-06-13 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:44.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:03.689164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:56:22.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.5-p1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.5-p2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.4-p3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user\u0027s data. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization (CWE-863)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "[Cloud] Customer suspects IDOR vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2023-29296",
    "datePublished": "2023-06-15T00:00:00.000Z",
    "dateReserved": "2023-04-04T00:00:00.000Z",
    "dateUpdated": "2025-03-05T18:56:22.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3033 (GCVE-0-2023-3033)

Vulnerability from cvelistv5 – Published: 2023-06-02 12:28 – Updated: 2025-01-08 17:59
Title
Mobatime web application - broken authorisation mechanisms
Summary
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobatime web application: through 06.7.22.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor: Mobatime
Product: Mobatime web application
Versions:
  • Affected: 0, ≤ 06.7.22 (custom)
Credits
testeurdestylos

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:04.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3033.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3033",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T17:59:15.508542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T17:59:27.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mobatime web application",
          "vendor": "Mobatime",
          "versions": [
            {
              "lessThanOrEqual": "06.7.22",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "testeurdestylos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Mobatime web application: through 06.7.22.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        },
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-05T08:21:21.296Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3033.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mobatime web application - broken authorisation mechanisms",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2023-3033",
    "datePublished": "2023-06-02T12:28:54.133Z",
    "dateReserved": "2023-06-01T08:47:24.205Z",
    "dateUpdated": "2025-01-08T17:59:27.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30428 (GCVE-0-2023-30428)

Vulnerability from cvelistv5 – Published: 2023-07-12 09:10 – Updated: 2024-10-04 13:43
Title
Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer
Summary
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.

The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.

There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.

  • 2.8 Pulsar Broker users and earlier are unaffected.
  • 2.9 Pulsar Broker users should upgrade to one of the patched versions.
  • 2.10 Pulsar Broker users should upgrade to at least 2.10.4.
  • 2.11 Pulsar Broker users should upgrade to at least 2.11.1.
  • 3.0 Pulsar Broker users are unaffected.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor: Apache Software Foundation
Product: Apache Pulsar Broker
Versions:
  • Affected: 2.9.0, ≤ 2.9.5 (semver)
  • Affected: 2.10.0, < 2.10.4 (semver)
  • Affected: 2.11.0
Credits
Michael Marshall of DataStax

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:21:44.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/v39hqtgrmyxr85rmofwvgrktnflbq3q5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.9.5",
                "status": "affected",
                "version": "2.9.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.10.4",
                "status": "affected",
                "version": "2.10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "2.11.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T13:37:10.667539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T13:43:04.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Pulsar Broker",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.9.5",
              "status": "affected",
              "version": "2.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.4",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.11.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Marshall of DataStax"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker\u0027s Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker\u0027s admin role.\u003cbr\u003eThis issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.\u003cbr\u003e\u003cbr\u003eThe vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.\u003cbr\u003e\u003cbr\u003eThere are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.\u003cbr\u003e\u003cbr\u003e2.8 Pulsar Broker users and earlier are unaffected.\u003cbr\u003e2.9 Pulsar Broker users should upgrade to one of the patched versions.\u003cbr\u003e2.10 Pulsar Broker users should upgrade to at least 2.10.4.\u003cbr\u003e2.11 Pulsar Broker users should upgrade to at least 2.11.1.\u003cbr\u003e3.0 Pulsar Broker users are unaffected.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker\u0027s Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker\u0027s admin role.\nThis issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.\n\nThe vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.\n\nThere are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.\n\n2.8 Pulsar Broker users and earlier are unaffected.\n2.9 Pulsar Broker users should upgrade to one of the patched versions.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T09:10:03.369Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/v39hqtgrmyxr85rmofwvgrktnflbq3q5"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-30428",
    "datePublished": "2023-07-12T09:10:03.369Z",
    "dateReserved": "2023-04-08T03:20:41.507Z",
    "dateUpdated": "2024-10-04T13:43:04.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30429 (GCVE-0-2023-30429)

Vulnerability from cvelistv5 – Published: 2023-07-12 09:08 – Updated: 2024-10-03 20:43
Title
Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy
Summary
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.

This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.

When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.

The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.

  • 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.
  • 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.
  • 3.0 Pulsar Function Worker users are unaffected.
  • Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor: Apache Software Foundation
Product: Apache Pulsar
Versions:
  • Affected: 0, < 2.10.4 (semver)
  • Affected: 2.11.0
Credits
Michael Marshall of DataStax

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:21:44.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "2.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "2.11.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T20:40:14.505445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:43:48.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Pulsar",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.10.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.11.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Marshall of DataStax"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\u003cbr\u003e\u003cbr\u003eWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy\u0027s role for authorization instead of the client\u0027s role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\u003cbr\u003e\u003cbr\u003eThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\u003cbr\u003e\u003cbr\u003e2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\u003cbr\u003e2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\u003cbr\u003e3.0 Pulsar Function Worker users are unaffected.\u003cbr\u003eAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\u003cbr\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy\u0027s role for authorization instead of the client\u0027s role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T09:08:23.703Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-30429",
    "datePublished": "2023-07-12T09:08:23.703Z",
    "dateReserved": "2023-04-08T03:30:20.317Z",
    "dateUpdated": "2024-10-03T20:43:48.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30544 (GCVE-0-2023-30544)

Vulnerability from cvelistv5 – Published: 2023-04-24 16:26 – Updated: 2025-02-04 18:46
Title
Kiwi TCMS may allow user to update email address to unverified one
Summary
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.
Impacted products
Vendor: kiwitcms
Product: Kiwi
Versions:
  • Affected: < 12.2

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:28:51.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg"
          },
          {
            "name": "https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/"
          },
          {
            "name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30544",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T18:46:19.929666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T18:46:23.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://huntr.com/bounties/1714df73-e639-4d64-ab25-ced82dad9f85"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kiwi",
          "vendor": "kiwitcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 12.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-283",
              "description": "CWE-283: Unverified Ownership",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-24T16:26:08.626Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg"
        },
        {
          "name": "https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/"
        },
        {
          "name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/"
        }
      ],
      "source": {
        "advisory": "GHSA-7x6q-3v3m-cwjg",
        "discovery": "UNKNOWN"
      },
      "title": "Kiwi TCMS may allow user to update email address to unverified one"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-30544",
    "datePublished": "2023-04-24T16:26:08.626Z",
    "dateReserved": "2023-04-12T15:19:33.767Z",
    "dateUpdated": "2025-02-04T18:46:23.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3066 (GCVE-0-2023-3066)

Vulnerability from cvelistv5 – Published: 2023-06-05 08:27 – Updated: 2025-01-08 17:20
Title
Mobatime mobile application - Broken authorisation
Summary
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators. This issue affects Mobatime mobile application AMXGT100: through 1.3.20.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor Product Version
Mobatime Mobatime mobile application AMXGT100 Affected: 0 , ≤ 1.3.20 (custom)
Credits
testeurdestylos

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:04.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3066",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T17:19:49.929449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T17:20:37.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "packageName": "com.Mobatime.AMXGT100",
          "product": "Mobatime mobile application AMXGT100",
          "vendor": "Mobatime",
          "versions": [
            {
              "lessThanOrEqual": "1.3.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "testeurdestylos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators\u003cp\u003eThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-05T08:27:49.960Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mobatime mobile application - Broken authorisation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2023-3066",
    "datePublished": "2023-06-05T08:27:49.960Z",
    "dateReserved": "2023-06-02T14:24:19.100Z",
    "dateUpdated": "2025-01-08T17:20:37.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30771 (GCVE-0-2023-30771)

Vulnerability from cvelistv5 – Published: 2023-04-17 07:26 – Updated: 2025-02-13 16:49
Title
Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Summary
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.
Severity
No CVSS data available.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor Product Version
Apache Software Foundation Apache IoTDB Workbench Affected: 0.13.3 , < 0.13.4 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/04/18/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:iotdb:0.13.3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "iotdb",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "0.13.3"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-30771",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T15:04:44.525825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T15:06:11.976Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache IoTDB Workbench",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "0.13.4",
              "status": "affected",
              "version": "0.13.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.\u003cp\u003eThis issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.\u003cbr\u003e\u003cbr\u003eThis problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.\n\nThis problem is fixed from version 0.13.4 of iotdb-web-workbench onwards."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T02:06:12.985Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/04/18/7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-30771",
    "datePublished": "2023-04-17T07:26:12.996Z",
    "dateReserved": "2023-04-16T02:36:51.763Z",
    "dateUpdated": "2025-02-13T16:49:35.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30840 (GCVE-0-2023-30840)

Vulnerability from cvelistv5 – Published: 2023-05-08 17:45 – Updated: 2025-01-29 15:26
Title
On a compromised node, the fluid-csi service account can be used to modify node specs
Summary
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes. Once the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster. To exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means. Version 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor Product Version
fluid-cloudnative fluid Affected: >= 0.7.0, < 0.8.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-93xx-cvmc-9w3v",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-93xx-cvmc-9w3v"
          },
          {
            "name": "https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550"
          },
          {
            "name": "https://github.com/fluid-cloudnative/fluid/commit/91c05c32db131997b5ca065e869c9918a125c149",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fluid-cloudnative/fluid/commit/91c05c32db131997b5ca065e869c9918a125c149"
          },
          {
            "name": "https://github.com/fluid-cloudnative/fluid/releases/tag/v0.8.6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fluid-cloudnative/fluid/releases/tag/v0.8.6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T15:26:34.718687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T15:26:50.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fluid",
          "vendor": "fluid-cloudnative",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.7.0, \u003c 0.8.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.\n\nOnce the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster.\n\nTo exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means.\n\nVersion 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-08T17:45:46.519Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-93xx-cvmc-9w3v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-93xx-cvmc-9w3v"
        },
        {
          "name": "https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550"
        },
        {
          "name": "https://github.com/fluid-cloudnative/fluid/commit/91c05c32db131997b5ca065e869c9918a125c149",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fluid-cloudnative/fluid/commit/91c05c32db131997b5ca065e869c9918a125c149"
        },
        {
          "name": "https://github.com/fluid-cloudnative/fluid/releases/tag/v0.8.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fluid-cloudnative/fluid/releases/tag/v0.8.6"
        }
      ],
      "source": {
        "advisory": "GHSA-93xx-cvmc-9w3v",
        "discovery": "UNKNOWN"
      },
      "title": "On a compromised node, the fluid-csi service account can be used to modify node specs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-30840",
    "datePublished": "2023-05-08T17:45:46.519Z",
    "dateReserved": "2023-04-18T16:13:15.880Z",
    "dateUpdated": "2025-01-29T15:26:50.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31138 (GCVE-0-2023-31138)

Vulnerability from cvelistv5 – Published: 2023-05-09 14:11 – Updated: 2025-01-28 17:03
Title
DHIS2 Core vulnerable to Improper Access Control with PATCH requests
Summary
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests.
Impacted products
Vendor Product Version
dhis2 dhis2-core Affected: >= 2.36, < 2.37.9.1
Affected: >= 2.38, < 2.38.3.1
Affected: >= 2.39, < 2.39.1.2

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:45:26.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-pwvw-4m67-f4g2",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-pwvw-4m67-f4g2"
          },
          {
            "name": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.37/ReleaseNote-2.37.9.1.md",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.37/ReleaseNote-2.37.9.1.md"
          },
          {
            "name": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.38/ReleaseNote-2.38.3.1.md",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.38/ReleaseNote-2.38.3.1.md"
          },
          {
            "name": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.39/ReleaseNote-2.39.1.2.md",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.39/ReleaseNote-2.39.1.2.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T17:03:33.029352Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T17:03:42.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dhis2-core",
          "vendor": "dhis2",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.36, \u003c 2.37.9.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.38, \u003c 2.38.3.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.39, \u003c 2.39.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T14:11:11.868Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-pwvw-4m67-f4g2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-pwvw-4m67-f4g2"
        },
        {
          "name": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.37/ReleaseNote-2.37.9.1.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.37/ReleaseNote-2.37.9.1.md"
        },
        {
          "name": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.38/ReleaseNote-2.38.3.1.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.38/ReleaseNote-2.38.3.1.md"
        },
        {
          "name": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.39/ReleaseNote-2.39.1.2.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.39/ReleaseNote-2.39.1.2.md"
        }
      ],
      "source": {
        "advisory": "GHSA-pwvw-4m67-f4g2",
        "discovery": "UNKNOWN"
      },
      "title": "DHIS2 Core vulnerable to Improper Access Control with PATCH requests"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-31138",
    "datePublished": "2023-05-09T14:11:11.868Z",
    "dateReserved": "2023-04-24T21:44:10.417Z",
    "dateUpdated": "2025-01-28T17:03:42.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31141 (GCVE-0-2023-31141)

Vulnerability from cvelistv5 – Published: 2023-05-08 20:33 – Updated: 2025-01-29 14:54
Title
OpenSearch issue with fine-grained access control during extremely rare race conditions
Summary
OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions, potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.
CWE
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor: opensearch-project
Product: security
Versions:
  • Affected: >= 1.0.0, < 1.3.10
  • Affected: >= 2.0.0, < 2.7.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:45:25.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T14:54:15.080834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T14:54:25.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security",
          "vendor": "opensearch-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.3.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-08T20:33:58.601Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h"
        }
      ],
      "source": {
        "advisory": "GHSA-g8xc-6mf7-h28h",
        "discovery": "UNKNOWN"
      },
      "title": "OpenSearch issue with fine-grained access control during extremely rare race conditions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-31141",
    "datePublished": "2023-05-08T20:33:58.601Z",
    "dateReserved": "2023-04-24T21:44:10.417Z",
    "dateUpdated": "2025-01-29T14:54:25.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.

Mitigation

Phase: Architecture and Design

Description:

  • Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation ID: MIT-4.4

Phase: Architecture and Design

Strategy: Libraries or Frameworks

Description:

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].

Mitigation

Phase: Architecture and Design

Description:

  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.

Mitigation

Phases: System Configuration, Installation

Description:

  • Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.
